Password-management apps are a great way to ensure that you create unique, strong passwords for every service, app, or site at which you need one, and you don't have to memorize any of them.
However, what happens if you have a catastrophic failure, and can’t access your main computer? What if your backup drives are encrypted? (Yes, I recommend your backup drives are encrypted so that if stolen or accessed, they are protected.)
Or while you’re recovering your computer, you’re trying to access key financial, medical, or business resources, and you can't access the password in the manager? Or your machine was stolen and you need a password to log into a tracking service, like Find My Mac?
The trick, as always, is preparation. If you make sure to set your password system correctly, you’ll be able to recover.
Apple offers built-in password storage and synchronization with iCloud Keychain via your iCloud account. It’s the one service that, so far, cannot be accessed via iCloud.com. That’s in part because Apple uses a method of encrypting entries so that the necessary decryption key is only stored on devices under your control. Unlike contacts, calendar entries, email, and photos, entries in iCloud Keychain are never decrypted (nor capable of being decrypted) by Apple on its servers.
You can set up an iCloud Security Code when you first turn the service on with your iCloud account. That lets you add additional devices without having access to the others. But depending on your configuration and use of two-factor authentication, you may still need at least one device active with your iCloud account and iCloud Keychain to add another.
On an existing device with iCloud Keychain, you can retrieve Safari and app passwords in iOS via Settings > Passwords & Accounts > Website & App Passwords. in macOS, use Applications > Utilities > Keychain Utility and click the iCloud keychain in the Keychains list or use Safari via Safari > Preferences > Passwords.
iCloud Keychain stands distinct from other keychains on a Mac as it only syncs Safari passwords, passwords in Apple and third-party apps with code enabled to use iCloud Keychain, Wi-Fi network passwords, AirPort base station passwords, and little else. If you need items like external hard-drive passwords, you have to store them in a third-party password manager to ensure access outside of your Mac.
To retrieve iCloud Keychain entries on a fresh device or account, you will almost certainly need to remember your iCloud password, have access to a phone number or other trusted device for two-factor authentication, and know your iCloud Security Code, too, if you enabled that or don’t have another device set up with iCloud Keychain.
If you don’t have access to any of your current devices, you can set up a macOS account on someone else’s Mac and then log in to your iCloud account via the iCloud preference pane to enable iCloud Keychain just on that account.
(Backblaze and other cloud-based backup programs will archive your Mac keychain files, which are in the Users > account name > Library folder, and you could retrieve them to another Mac and open them—if you have your cloud-based backup account password and volume-encryption password!)
Third-party password managers
Most current password-management services have an ecosystem of apps and a central Web site for sync and storage. Like iCloud Keychain, they can let you log into a Web site and view password information without the companies ever having access to your private information or security keys. (Apple chose to not rely on browser-based encryption features that allow local-only encryption key handling and decryption in a Web app.)
AgileBits’s 1Password in particular offers a lot of choices. The company largely shifted to a subscription-based model years ago, in which you pay monthly or yearly for access to a central account at 1Password.com for yourself, family, or business team, and then gain access to all its apps and features.
However, 1Password doesn’t require central sync. You can store everything at 1Password.com, or you can instead or as well use a local folder, Dropbox, iCloud, and even WLAN-based (local Wi-Fi) sync among mobile devices. If you use an option besides or in addition to 1Password.com, your password database always remains stored with strong encryption.
Regardless of the service, you’ll need to memorize your main password to gain access to stored passwords.
With this app and others, make sure that you have everything available in your human memory or in a secure physical place if you lose access to the hardware you typically rely on for password access. LastPass, for instance, has a set of precautions you can take for emergency access.
With a subscription to 1Password.com, accessing the site also requires a secret key. However, the company advises you on set up to create an emergency kit that includes a PDF that you store or print out for access in situations like this.
This Mac 911 article is in response to a question submitted by Macworld reader Neale.
Ask Mac 911
We’ve compiled a list of the questions we get asked most frequently along with answers and links to columns: read our super FAQ to see if your question is covered. If not, we’re always looking for new problems to solve! Email yours to firstname.lastname@example.org including screen captures as appropriate, and whether you want your full name used. Every question won’t be answered, we don’t reply to email, and we cannot provide direct troubleshooting advice.